From deae092e544ecfb3d8a362a260fc00ec01f0883f Mon Sep 17 00:00:00 2001 From: Heiko Schlichting Date: Wed, 23 Apr 2014 07:30:41 -0700 Subject: [PATCH] Bug 1453: Add SERVERS ldap server list override --- doc/doc-docbook/spec.xfpt | 9 +++++++++ doc/doc-txt/ChangeLog | 3 +++ doc/doc-txt/NewStuff | 4 ++++ src/src/lookups/ldap.c | 10 ++++++---- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 3542557c4..6f0a16f37 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -7198,6 +7198,7 @@ them. The following names are recognized: &`USER `& set the DN, for authenticating the LDAP bind &`PASS `& set the password, likewise &`REFERRALS `& set the referrals parameter +&`SERVERS `& set alternate server list for this query only &`SIZE `& set the limit for the number of entries returned &`TIME `& set the maximum waiting time for a query .endd @@ -7219,6 +7220,14 @@ Netscape SDK; for OpenLDAP no action is taken. The TIME parameter (also a number of seconds) is passed to the server to set a server-side limit on the time taken to complete a search. +The SERVERS parameter allows you to specify an alternate list of ldap servers +to use for an individual lookup. The global ldap_servers option provides a +default list of ldap servers, and a single lookup can specify a single ldap +server to use. But when you need to do a lookup with a list of servers that is +different than the default list (maybe different order, maybe a completely +different set of servers), the SERVERS parameter allows you to specify this +alternate list. + Here is an example of an LDAP query in an Exim lookup that uses some of these values. This is a single line, folded to fit on the page: diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6252956a6..30b27a012 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -87,6 +87,9 @@ JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455. JH/14 New options dnssec_request_domains, dnssec_require_domains on the dnslookup router (applying to the forward lookup). +TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list + of ldap servers used for a specific lookup. Patch provided by Heiko + Schlichting. Exim version 4.82 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index c168cf2a7..bfbfc7150 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -32,6 +32,10 @@ Version 4.83 is split from the encryption operation. The default remains that a failed verification cancels the encryption. + 6. New SERVERS override of default ldap server list. In the ACLs, an ldap + lookup can now set a list of servers to use that is different from the + default list. + Version 4.82 ------------ diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index 27780db49..f77229ded 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -1133,6 +1133,7 @@ uschar *url = ldap_url; uschar *p; uschar *user = NULL; uschar *password = NULL; +uschar *local_servers = NULL; uschar *server, *list; uschar buffer[512]; @@ -1161,6 +1162,7 @@ while (strncmpic(url, US"ldap", 4) != 0) else if (strncmpic(name, US"TIME=", namelen) == 0) timelimit = Uatoi(value); else if (strncmpic(name, US"CONNECT=", namelen) == 0) tcplimit = Uatoi(value); else if (strncmpic(name, US"NETTIME=", namelen) == 0) tcplimit = Uatoi(value); + else if (strncmpic(name, US"SERVERS=", namelen) == 0) local_servers = value; /* Don't know if all LDAP libraries have LDAP_OPT_DEREF */ 
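Review bot: The new `SERVERS=` branch in the ldap.c parameter loop stores `value` without any check, and from the -1288 hunk onward that string chooses which hosts are contacted with the `user` and `password` parsed alongside it. If the lookup string is assembled from expanded variables, as is presumably the usual case for an Exim lookup, any message-derived text that reaches the parameter part unquoted would then influence where the bind credentials are sent. That trust assumption deserves a comment on this branch and a sentence in the spec.xfpt paragraph, for example `/* SERVERS= replaces ldap_servers for this query only; the value must come from configuration, never from unquoted message data */`. The enclosing loop and the declarations of `name` and `value` lie outside the hunk.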
@@ -1288,16 +1290,16 @@ if (Ustrncmp(p, "://", 3) != 0) /* No default servers, or URL contains a server name: just one attempt */ -if (eldap_default_servers == NULL || p[3] != '/') +if ((eldap_default_servers == NULL && local_servers == NULL) || p[3] != '/') { return perform_ldap_search(url, NULL, 0, search_type, res, errmsg, &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference, referrals); } -/* Loop through the default servers until OK or FAIL */ - -list = eldap_default_servers; +/* Loop through the default servers until OK or FAIL. Use local_servers list + * if defined in the lookup, otherwise use the global default list */ +list = (local_servers == NULL) ? eldap_default_servers : local_servers; while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL) { int rc; -- 2.25.1
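Review bot: An empty `SERVERS=` value appears to leave `local_servers` non-NULL (assuming the dequoted value is an empty string rather than NULL), so the single-attempt branch is skipped and the `while` loop receives an empty list and never calls perform_ldap_search(). The result then depends on code after the loop, which is outside the hunk. Treating an empty override as absent would keep the previous behaviour, e.g. `if (local_servers != NULL && *local_servers == 0) local_servers = NULL;` ahead of the test. The unchanged comment above the test is now stale and could read `/* No default or per-lookup servers, or URL contains a server name: just one attempt */`. It is also worth stating there that a SERVERS list is ignored, with no log or debug output visible in this hunk, when the URL names a host (`p[3] != '/'`).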